package com.hksj.app.config;

import com.hksj.jetlinks.config.JetBaseSecurityConfig;
import com.hksj.wmp.auth.WxAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import java.util.List;

@Order(98)
@Configuration
public class SecurityConfig extends JetBaseSecurityConfig {
    @Autowired
    private WxAuthenticationProvider wxAuthenticationProvider;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http
                .authorizeRequests()
                // 对于登录接口 允许匿名访问   {不携带token能访问，但是携带token不能访问
                .antMatchers("/resource/process").anonymous()
                .antMatchers("/api/wx/wxLogin").permitAll()
//                .antMatchers("/**").anonymous()
                .antMatchers("/ws/server").permitAll()
                .antMatchers("/api/callOrder/**").permitAll()
                .antMatchers("/api/operationRoom/queryLatestOperationRoomInfoListByPaging").permitAll() //放开分页查询各手术室最新信息列表的接口
                .antMatchers("/api/spaceModel/querySpaceModelList").permitAll() //放开查询空间位置的接口
                .antMatchers("/api/orEquipment/equipmentControl").permitAll() //放开手术室设备控制
                .antMatchers("/api/callOrderInfo/callOrdeInfo").permitAll() //放开信息发布屏-护工等候区
                .antMatchers("/api/surgical/querySurgicalList").permitAll() //放开信息发布屏-家属等候区/医生办公室
                .antMatchers("/api/surgical/querySurgeryStatusForFamilyWaitingArea").permitAll()
                .antMatchers("/api/callOrderInfo/queryLatestRecord").permitAll()
                .antMatchers("/api/operationRoom/listOperationRoom").permitAll()
                .antMatchers("/api/operationRoom/queryOperationRoomDataList").permitAll() //手术间数据列表
//                .antMatchers("/api/surgical/querySurgeryStatusForFamilyWaitingArea").permitAll()
                .anyRequest().authenticated();
        List<AuthenticationProvider> providers = ((ProviderManager) authenticationManager()).getProviders();
        providers.add(wxAuthenticationProvider);
    }
}